Lessons from Marriott/Starwood: Updates as of January 7, 2019

Update (January 7, 2019):  As Marriott International continues to release more details about its data breach, there is both good news and bad. One piece of good news is that fewer people were affected — no more than 383 million customers, and probably less, rather than the 500 million originally feared.

Also in the good news column is that the stolen payment card data and most of the stolen passport numbers were encrypted. Marriott says there is no evidence that the encryption has been broken. The bad news is that 5.3 million unencrypted passport numbers were exposed.

In December, Marriott began sending notices to affected customers, and it created a webpage with more information about the breach, including numbers you can call for more information.

As with all breaches, new information continues to be shared as the organizations determine what was stolen and confirm what security measures were in place, such as encryption. With the development of new privacy standards and laws, organizations should be considering what customer information they need (rather than want) and consider limiting their requests to truly required data fields. Obviously, this breach has raised awareness about the amount of information that travel websites are collecting and the importance of consumers staying vigilant.

To learn more about cybersecurity best practices and how you can protect your organization, download our cybersecurity resource kit or visit weaver.com for more insights on security risks and prevention.

Read more from our "Lessons from the Breach" series:

© 2019